To proxy all apt/package downloads via Tor, I added this to /etc/apt/apt.conf, which is similar:
Acquire::socks::Proxy "socks://127.0.0.1:9050"; apt used to enable HTTP pipelining, meaning apt would make multiple HTTP requests over a single TCP connection, rather than recreating the TCP socket on each HTTP request. HTTP pipelining is useful for privacy, since it makes the traffic harder to profile. Unfortunately, recently HTTP pipelining was recently disabled by default. It can be reenabled for https using: Acquire::https::Pipeline-Depth "10"; I'm currently trying out this as my current setup in /etc/apt/apt.conf: Acquire::socks::Proxy "socks://127.0.0.1:9050"; Acquire::https::SslForceVersion "TLSv1"; Acquire::http::Pipeline-Depth "20"; Acquire::https::Pipeline-Depth "20"; As for using an onion address, if the Tor Hidden Service has been properly setup (i.e. it redirects to localhost not a different machine), then the onion address provides point-to-point encryption like HTTPS. That means at no point is your apt traffic visible to a network observer. .hc On 07/13/2014 02:16 AM, [email protected] wrote: > you could also add this to 70debconf and update over Tor > > Acquire::http::Proxy "http://localhost:8118";; > Acquire::https::SslForceVersion "TLSv1"; > > > > Hans-Christoph Steiner: >> >> A few of us have been trying to figure out how to improve Debian's software >> distribution so that the software that people are using remains more private >> and difficult to snoop on a mass scale. >> >> You can follow the discussions here: >> * https://bugs.debian.org/750522 >> * https://lists.debian.org/debian-security/2014/07/msg00002.html >> * https://lists.debian.org/debian-security/2014/07/msg00022.html >> >> I'm trying to practice what I preach here, so I set up my very first debian >> mirror. It is hosted on my home connection, so be gentle. It is only >> debian-security for amd64 and i386: >> >> deb http://dju2peblv7upfz3q.onion/debian-security/ wheezy/updates main >> >> or >> >> deb http://dju2peblv7upfz3q.onion/debian-security/ squeeze/updates main >> >> This is a test repo, so be sure to keep a real debian-security mirror in your >> sources.list! Just put it after the above line, and apt-get will prefer the >> tor hidden service, but still get the latest updates available from >> debian-security. >> >> .hc >> >> >> >> _______________________________________________ >> Guardian-dev mailing list >> >> Post: [email protected] >> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev >> >> To Unsubscribe >> Send email to: [email protected] >> Or visit: >> https://lists.mayfirst.org/mailman/options/guardian-dev/shmick%40riseup.net >> >> You are subscribed as: [email protected] >> > _______________________________________________ > Guardian-dev mailing list > > Post: [email protected] > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > > To Unsubscribe > Send email to: [email protected] > Or visit: > https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info > > You are subscribed as: [email protected] > -- PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 _______________________________________________ Guardian-dev mailing list Post: [email protected] List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: [email protected] Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/archive%40mail-archive.com You are subscribed as: [email protected]
